Use Aquaris to easily manage related machines, their users and secrets!
Check out the quickstart guide and the provided example & template!
- flake.nix - Usage of the Aquaris functor & global config
- example - An example machine-specific configuration
- template - The mostly empty template configuration
Inspired by disko, but dissatisfied with its verbosity, suboptimal integration and some edge-case bugs, Aquaris implements a fairly complete filesystem configuration library.
It supports regular filesystems, btrfs subvolumes, swap, LUKS-encrypted partitions and even complex filesystems like LVM Volume Groups & Logical Volumes and ZFS pools and datasets.
With very compact semantics, provided default options and deep integration into the rest of Aquaris’s modules, most disko users should find this library a worthy replacement for dozens of lines of code!
Aquaris includes a powerful secrets management facility (AQS), with secrets belonging to one of three categories:
- toplevel: included by all NixOS configurations
- user: personal secrets like SSH keys or password hashes, readable by all machines the user is part of
- machine: secrets for machines like API keys or TLS certificates, readable only by the respective machine itself
This is inspired by agenix, but without the need to explicitly define the list of secrets and their corresponding public keys. Secrets are managed via the aqs command exported by this flake.
- aqs (secrets management command)
- Standard library
- Modules:
Check out the TODO file!